I'm in the "never acceptable" camp. Filtering routes/peers? Sure. Disconnecting one of your own customers to stop an attack originating from them? Sure. Hijacking an AS you have no permission to control? No.
Obviously my views and not of my employer. Spencer Ryan | Senior Systems Administrator | sr...@arbor.net<mailto:sr...@arbor.net> Arbor Networks +1.734.794.5033 (d) | +1.734.846.2053 (m) www.arbornetworks.com<http://www.arbornetworks.com/> ________________________________ From: NANOG <nanog-boun...@nanog.org> on behalf of Blake Hudson <bl...@ispn.net> Sent: Monday, September 12, 2016 11:24:03 AM To: nanog@nanog.org Subject: Re: "Defensive" BGP hijacking? Hugo Slabbert wrote on 9/11/2016 3:54 PM: > Hopefully this is operational enough, though obviously leaning more towards > the policy side of things: > > What does nanog think about a DDoS scrubber hijacking a network "for > defensive purposes"? > > http://krebsonsecurity.com/2016/09/alleged-vdos-proprietors-arrested-in-israel/ > > "For about six hours, we were seeing attacks of more than 200 Gbps hitting > us,” Townsend explained. “What we were doing was for defensive purposes. We > were simply trying to get them to stop and to gather as much information as > possible about the botnet they were using and report that to the proper > authorities.” > https://bgpstream.com/event/54711 My suggestion is that BackConnect/Bryant Townsend should have their ASN revoked for fraudulently announcing another organization's address space. They are not law enforcement, they did not have a warrant or judicial oversight, they were not in immediate mortal peril, etc, etc.
